The Check Point Firewall Insight Pack gives operational administrators and users the ability to use IBM Operations Analytics – Log Analysis to analyse traffic on their installed Check Point Firewalls. Users can monitor normal operational traffic (based on log content) showing the cadence of “accepts” and “denies” hitting the firewall. When they notice peaks, they can drill down into the messages of concern arising from possible port scans, host sweeps and general probing. Based on this information they can take proactive measures to isolate the situation.
The Check Point Firewall dashboards display various charts for the configured time period. These charts reflect the normal processing information from the Check Point Firewall normal log (Check Point Firewall_Normal).
The Insight Pack handles log content from the Check Point Firewall:
- Normal logs
- Audit Logs
Normal (operational traffic) logs support intrusion detection: they contain the “accepts” and “denies” found in the main log, and these entries are used to indicate port scans, host sweeps, and general probing.
Audit logs track all changes made via the Check Point Firewall user interface.
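As an added example (not code from the Insight Pack, Log Analysis or FW1-loggrabber), the following Python script performs the accept/deny cadence check and the port scan / host sweep detection described above over constructed log lines in a pipe-delimited key=value layout like the one FW1-loggrabber writes; the field names (action, src, dst, service) and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample records; the field names are assumptions about the
# key=value layout FW1-loggrabber emits, not copied from a real firewall.
SAMPLE_LOG = """\
time=12Mar2015 10:00:01|action=accept|src=192.168.1.10|dst=10.1.1.5|service=443
time=12Mar2015 10:00:02|action=accept|src=192.168.1.11|dst=10.1.1.6|service=22
time=12Mar2015 10:00:03|action=drop|src=203.0.113.7|dst=10.1.1.5|service=21
time=12Mar2015 10:00:03|action=drop|src=203.0.113.7|dst=10.1.1.5|service=22
time=12Mar2015 10:00:04|action=reject|src=203.0.113.7|dst=10.1.1.5|service=23
time=12Mar2015 10:00:04|action=drop|src=203.0.113.7|dst=10.1.1.5|service=25
time=12Mar2015 10:00:06|action=drop|src=198.51.100.9|dst=10.1.1.1|service=445
time=12Mar2015 10:00:06|action=drop|src=198.51.100.9|dst=10.1.1.2|service=445
time=12Mar2015 10:00:07|action=drop|src=198.51.100.9|dst=10.1.1.3|service=445
"""

DENY_ACTIONS = {"drop", "reject"}   # both count as a "deny" for the cadence
PORT_SCAN_THRESHOLD = 4             # distinct denied dst ports from one source
HOST_SWEEP_THRESHOLD = 3            # distinct denied dst hosts from one source


def parse_line(line):
    """Split one 'key=value|key=value' record into a dict; skip malformed parts."""
    fields = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def analyse(text):
    """Count accepts/denies and flag sources whose denies look like a scan or sweep."""
    counts = {"accept": 0, "deny": 0}
    ports_by_src = defaultdict(set)   # src -> denied destination ports
    hosts_by_src = defaultdict(set)   # src -> denied destination hosts
    for line in text.splitlines():
        f = parse_line(line)
        if "action" not in f or "src" not in f:
            continue  # unparseable or incomplete record
        action = f["action"].lower()
        if action == "accept":
            counts["accept"] += 1
        elif action in DENY_ACTIONS:
            counts["deny"] += 1
            ports_by_src[f["src"]].add(f.get("service", "?"))
            hosts_by_src[f["src"]].add(f.get("dst", "?"))
    return {
        "counts": counts,
        "port_scans": sorted(s for s, p in ports_by_src.items() if len(p) >= PORT_SCAN_THRESHOLD),
        "host_sweeps": sorted(s for s, h in hosts_by_src.items() if len(h) >= HOST_SWEEP_THRESHOLD),
    }
```

The thresholds are illustrative; on real traffic they would be applied per time window and tuned against the firewall's normal deny rate so that routine noise does not trigger a drill-down.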
Note: The Insight Pack utilizes the generally available Check Point log grabber routine: FW1-loggrabber OPSEC LEA client. To install the FW1-loggrabber OPSEC LEA client you will need to download the software from either one of the following sites:
- Version 2.0: http://github.com/certego/fw1-loggrabber
- Version 1.11: http://sourceforge.net/projects/fw1-loggrabber
FW1-LogGrabber uses API functions from Check Point’s OPSEC SDK. Entitled Check Point Firewall customers and users can download the SDK from the Check Point Software OPSEC SDK 6.0 for Linux site.
Refer to the Insight Pack documentation for additional information on the Insight Packs and steps for installing and configuring.
Review the following video for information on using and setting up the Insight Pack.
IBM Operations Analytics-Log Analysis Insight Packs for Networks- Standard Install License
Cost: License Fee
- IBM Operations Analytics – Log Analysis version 1.3.0 or above
- Check Point Firewall R77.20
- FW1-loggrabber OPSEC LEA client
- OPSEC SDK 6.0 for Linux
- Purchased “IBM Operations Analytics-Log Analysis Insight Packs for Networks- Standard Install License” for each installed Insight Pack.
This package is subject to the License terms included with the Insight Pack, along with those displayed upon download.
To report a problem with deploying this entry, entitled customers may contact the country-specific IBM support channel listed in the IBM Worldwide Directory. Also use the “Support” link to access the support site for IBM Operations Analytics – Log Analysis information.